Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
As always thank you everyone! Been a lot of support from everyone for this and excited to get this out there to help users be a bit safer on a self hosted PDS
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
If you want to give a try at hacking it or want to review the code to make sure I didn't leave a 1` or `1` = `1 have at it (within reason please 🥲) This will be the most likely spot for a vulnerability to bypass 2fa tangled.sh/@baileytowns...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Once you get an invite code you'll go to bsky.app -> Create account -> click "Bluesky social {pencil icon}" -> custom and enter skeetcentral.com. Then create a test account
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
If you'd like to try it out and help me out please let me know and I would greatly appreciate it! If you want to jump in head first with your own PDS I'll post some setup for that tonight or tomorrow, but def remember there could be bugs.
Bailey Townsend 🦀 (@baileytownsend.dev)
It's time! Email 2FA for self hosted accounts is ready for testing! This is a call for testing. If you'd like to help out DM me for an invite code to skeetcentral.com
Looking for:
- Bugs
- 2FA shows up where it should
- Does not break other apps
- Emails work
- Security exploits to bypass 2fa
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
probably so. any mobile workflow should also work for browser extension with the added bonus that I think you can set a cookie that workflow as well so might even make it easier in some ways
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
@piss.beauty @pay uses the relay's listReposByCollection endpoint to show all the users who are using it to find people to send money to. Then on the microcosm side I use it to get all the likes and reposts for at://giveaways giveaways.baileytownsend.dev
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
For sure makes it easier. But you can get crafty on some stuff. A few examples are: my wrapped app can do a from -> thru date for my teal.fm records by doing a reverse list with a tid for the date I wanted to start at wrapped.baileytownsend.dev
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Here's the backend start of oauth building the url github.com/dropanchorap... and this looks to kick it off github.com/dropanchorap...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
- backend auths user and returns back in that window setting the session (or returns a token for auth to backend). Then you make a call to the backend and it makes the atproto requests. that's a tldr. Going to find an atproto app that does something similar but for mobile and link it
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
haha I did not fully. This was also for someone else and a bookmark thing. I do think you can combine it with a backend and get it through that. A rough draft is
- front end calls to backend to start oauth. see if that can happen in the window that opens
- bsky oauth callback is to the backend
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I think @byarielm.fyi has had a lot of luck with other clients following similar url schemes for adding users to lists from different things. Can also create a list if you'd like of urls and we can see if there is a pattern to add into try and detect them, or do common ones for a shortcut action
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
whoops reverse that. But can check my add user to list shortcut example for how I get the username and stuff from a url. would be similar probably
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I'll look later for some actual shortcuts. but prob a split on dot on the lexicon. So some pseudocode
splitList = Split("blue.2048.game", ".")
hostName = splitList[1]
ending = splitList[0]
combineText("https://{hostName}{ending}/{w/e else}")
Not perfect since some urls may have a subdomain
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
was rough today too because i forgot my sun glasses. felt like someone threw a flash bang at me lol
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I think no longer with this change that came in on 8/12 it looks like. It doesn’t store the pref in your PDS but if you change the atproto proxy to a did:web for an XRPC appview your PDS will proxy that to it instead with a jwt and can store it privately for your atproto app (from what I’m seeing)
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I didn’t know they said they weren’t going to ship oauth 👀 Mostly just excited about this cause you can have private preferences somewhat on protocol with it
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
The PDS layer. I always refer to it as just a fancy Key/value store. Can use pdsls to view what’s all in someone’s repo. For example this one is mine pdsls.dev/at://did:plc...
Bailey Townsend 🦀 (@baileytownsend.dev)
Brb eyes got dilated
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
It can. But to give you a real world example I use my account to keep track of what I’ve listened to (and other things) but my music history is the biggest at over 11k records (1 song per record). My entire repo including Bluesky records (not media) is 17.7mb
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
They're very much so worth it. Especially with onion os lol. onionui.github.io
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Big fan of the miyoo mini pluses too and they’re like $60 ish
Bailey Townsend 🦀 (@baileytownsend.dev)
We talked about this yet and I missed it? github.com/bluesky-soci...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
fair enough! idk if you're on discord but might like to check out the #development channel and share this in it discord.com/invite/DMSZ3...
Bailey Townsend 🦀 (@baileytownsend.dev)
cooking on all 4 stove eyes this week
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I ask that cause it’s on a list so I could make it easier to work with the front end, so I could add a js library for Apple Music auth. So be really awesome if you did lol
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
👀. Did you move the html to templates from strings for this? Also that’s nice didn’t realize they had an export. I’m kind of scared what mine would be and how big
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
alright, maybe I didn't actually go out on a limb with this one like I thought I was 👀
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
@dame.is actually the right hemisphere of my brain (the creative part). open it up it's just moths
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Can use mailpit (what I use for dev) or the code shows up in the email_tokens table in the account.sqlite db mailpit.axllent.org
Bailey Townsend 🦀 (@baileytownsend.dev)
Going to go out on a limb with this one. ATProto's biggest selling point to me as a developer was the ease of being able to build an application with a store for user data and authentication already baked in. No need for a backend. I still think that's a big draw for me and one of its biggest pros
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Thank you! Here’s where I talk about it. Don’t have a big iOS 26 update plan (other than it does run on it now thanks to a bug fix lol). But do have more atproto/bluesky features I’ll be adding to it bsky.app/profile/bail...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
That was it! Thank you so much!
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Works fine on bare metal but does not inside the container. Here's the dockerfile as well tangled.sh/@baileytowns...
Bailey Townsend 🦀 (@baileytownsend.dev)
So I'm trying to send an email via a docker Rust-bookworm container using the rust crate lettre and keep getting this error "error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354". Happens no matter if smtps or not. Any ideas would be appreciated?
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Yes so if someone wanted to create an account on your PDS they can only do it with a service auth token from another acc since that can be verified via the key on the did doc Thought there is that’s another hoop for someone to jump through before creating an account while not breaking other tools
Bailey Townsend 🦀 (@baileytownsend.dev)
idk what blueskyism and I am afraid to ask
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I think at this point someone could do a phd on oauth lol. There’s a lot to it. But feel free to let me know any you have and I’ll try my best to answer them
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Second paragraph under “Independent PDS Hosting and Migration” talks a bit about it as well whtwnd.com/bnewbold.net...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I’m also playing around with the possibility of just blocking createAccount unless it’s an authenticated one (like in the case of migration not a new did). Still trying to decide if that’s enough to slow down malicious actors while not breaking any current tooling
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
What this gets you is a captcha for account creations via oauth so it’s harder for bots to signup. But blocks account migrations. I’ve been playing around with what to do for PDS gatekeeper cause this is something I want to add to it. Captcha on sign up and on migration
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I actually did dive into this some Saturday. So I found out on the official PDS implementation you can do a couple of things. You can turn on HCAPTCHA for account creations on oauth and turn off invite code. Can also turn off importRepos (what allows migrations)
Bailey Townsend 🦀 (@baileytownsend.dev)
Checkout for a couple of days and caught up with some tv and some offline time. Feeling rested and ready to get back to it tomorrow
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
That’s awesome! I’m glad it helped out and looks great
n8's dev log 🤖 (@zzstoatzzdevlog.bsky.social) reposted
shipped today: status.zzstoatzz.io - a personal status app on atproto! 🚀 started with @baileytownsend.dev's rusty statusphere (just emoji statuses) and transformed it into something much more
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Was snoozing. Looks like everyone listed them all in this thread tho
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Apple has honestly really knocked it out of the park with all the sci-fi I’ve seen from them. Even if they are a bit awkward here and there, they all look great
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I’ve watched the first two seasons but trying to decide if I want to re watch or do a recap lol. I love the books and doing about the same with getting them separate. Mostly just happy to see Daneel in any capacity on the show
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
There’s two books and they were pretty good! Might be worth a checkout as well if you haven’t Thank you! I’m excited
Bailey Townsend 🦀 (@baileytownsend.dev)
Catching up on movies today. Just watched Mickey 17. Pretty good, bit different than the book. Do wish they mention the fact that they didn't expect Niflheim to be frozen over when they got there lol. Onto the new Superman movie and may do foundation next
Bailey Townsend 🦀 (@baileytownsend.dev)
3am? Witching hour.
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I’m sorry. But also. I’m not alone in asking these questions. What if I do die alone? When If xyz dies alone? There’s only so much we can do
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
We only got so many chances. And it turns out that they forget about the rest of us. We want to see the stars
Bailey Townsend 🦀 (@baileytownsend.dev)
funereal potato’s
Bailey Townsend 🦀 (@baileytownsend.dev)
It kills me how common we have than we don’t. Like I could write a novel on it but you’d have to buy that beer after the work day
Bailey Townsend 🦀 (@baileytownsend.dev)
You say the topic and we’ll talk about it. But can it please be over a beer after 5pm but before happy hour ends?
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
holler and I’d pull up for real to tennessee shuffle in a heartbeat
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Raise hell praise dale (complimentary)
Rudy wants revolution. (@rudyfraser.com) reposted
> During lectures she took out a scarlet silk handkerchief, and … said that no matter whether she died on the gallows or in her bed, she wished it to be her shroud. She would laugh and taunt the audience, urging calm: "This is our color," the color of revolution. My vibe in a nutshell
Give it up Deelishis you look like a man..🧍🏾♂️ (@blackranga.blacksky.app) reposted
White reporter: “Why are the Black Panthers building their own medical center?” cc: @coolhtowngirl.blacksky.app
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
It’s cheesy. but we only had so many books in the public library in the deep south when I was a teenager
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Don’t ever minced my words on the account of my education “Every line of serious work that I have written since 1936 has been written, directly or indirectly, against totalitarianism and for democratic socialism, as I understand it.”
Bailey Townsend 🦀 (@baileytownsend.dev)
Don’t forget. There’s a reason we don’t celebrate Labor Day on May 1st with the rest of our comrades
Bailey Townsend 🦀 (@baileytownsend.dev)
Lucky’s is calling my name
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
😳 I jumped the gun on that then. I apologize. I read it as you saying it was limit and it was lower. Might have to all look at it later and see if we can see what is happening (I’m afk atm)
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Come up a lot with blacksky.app migrations
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Called it (just happy I called the hard to troubleshoot error and is an easy fix for them)
Bailey Townsend 🦀 (@baileytownsend.dev)
fyi if I’m mia tomorrow it’s the Nashville vs Atlanta game tonight and I’m for real in the trenches
Bailey Townsend 🦀 (@baileytownsend.dev)
Atlanta should have just worn their home jerseys tbh
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Oh that’s funny I also have a host with cloudflare guide haha. Yeah it’s 100% doable and will let you know how I do it since that’s how I’ve done my dev environment baileytownsend.dev/articles/hos...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Sounds like it should be doable then! All things are possible through a reverse proxy I’ve found out lol. Do you have a guide for the setup?
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Thank you! It has been a lot of fun. Started as a what if and turned into a fun little hack
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Maybe? I’m not familiar with that setup. But currently for testing I’m doing cloudflare tunnel -> caddy -> caddy overwrites the gatekept endpoints and proxies the rest to the localhost:3000 PDS instance. So maybe? Or at least may need a caddy instance in front. But I’d gladly help figure it out!
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I’d have to look at it again. It’s a one liner and they always throw me for a loop lol. But I think it’s every 5 of either a click or an error it opens or closes
Bailey Townsend 🦀 (@baileytownsend.dev)
Showing up to the function (soccer game) and going to talk about my current fixation (bandaid fixes to make a PDS a bit more secure for users and easier for admins to manage)
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Prob best as well to do it tomorrow that way I'll be here to take bug reports (about to head out for the night). The big debate I have now is should I post a test account and its password and see if someone can bypass the email 2FA
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I flew too close to the sun. Sorry about that, got excited to be able to have it out. TLDR will be tomorrow, but all work is done just needs testing 🤞 Longer version: I forgot about OpenSSL being a pain and mac docker builds take forever
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
To add to it I just realized I need to leave the house in 30mins haha
Bailey Townsend 🦀 (@baileytownsend.dev)
we're close. testing the docker build and will put out a call for testing with some invite codes to a test server for people to try it out on
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I’d be so nervous to print out a sticker cause it’s from a video game haha
Will (@willdot.net) reposted
I've created a demo / template ATProto feed generator in #golang which hopefully people might find useful. I'm sure there are improvements that can be made but this is basically what I've been using for my bookmarks feed for quite a while now. tangled.sh/@willdot.net...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
It’s so good. Did you watch the music video? The bar she was singing in is Santa’s lol
Bailey Townsend 🦀 (@baileytownsend.dev)
Covering my bases. No PDSes were forked in the making of this error description
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
zepplin oauth isn't it?
Bailey Townsend 🦀 (@baileytownsend.dev)
turns out if you hit the error like 5 times it shows the details of the error on oauth login lol
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
yeah looks like it may be something on @witchcraft.systems side. sorry about that :/. Prob best to wait till we hear back from them. If it is and they get it resolved can re run the migrate process, but would just only uncheck the "create account" I bet none of the blobs have migrated yet.
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
oh it's 4am in japan haha. There's a chance @witchcraft.bajortski.net that the witchcraft PDS has a lower blob upload size limit. That affects repo size as well and yours looks to be around 14.5 mb
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Can you check your dev console and see what error it may be throwing there and possibly the network tab to see what the last urls it is calling? @astrra.space is the blob upload limit set low. Like maybe less than 14.5mb?
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
What does the gray box show?
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
(leave all the inputs the same. It's not smart enough to allow a submit without them, but won't reuse the values)
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Ahh yeah looks like it already created an account on the PDS with your did. No biggie. Can just open up the advanced options and uncheck create account and migrate blobs and should get you going again
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Looks like the invite code might not be valid anymore? Could be cause the account was already created with it Did you rerun it multiple times already or first time
totallynotseth.dev (@totallynotseth.dev) reposted
#ProjectWeekend continues! Hop in and chat and maybe I'll respond or maybe not but either way there's LoFi beats
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
OHHHH base32 doesn't include 1, 8-9. Which is how the code is generated. Learn something new everyday en.wikipedia.org/wiki/Base32
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Yeah I was. It only allows numbers 2-7. Which is interesting. Wonder what the security constraint there is github.com/bluesky-soci...
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
I think they are both different packages/ui's. Although I'm thinking I was mistaken. I think there is more to it and it does. Just certain patterns
Bailey Townsend 🦀 (@baileytownsend.dev) reply parent
Actually I think I'm mistaken and it's a regex of sorts. Going to go grab that code to correct the record on this one and look at how I'm generating 2FA codes a bit better